recog 2.3.18 → 2.3.22
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/dependabot.yml +8 -0
- data/.github/workflows/ci.yml +26 -0
- data/.github/workflows/verify.yml +89 -0
- data/CONTRIBUTING.md +6 -0
- data/README.md +17 -0
- data/bin/recog_standardize +33 -12
- data/bin/recog_verify +1 -2
- data/cpe-remap.yaml +355 -200
- data/features/verify.feature +14 -14
- data/identifiers/README.md +24 -10
- data/identifiers/fields.txt +105 -0
- data/identifiers/hw_device.txt +8 -0
- data/identifiers/hw_family.txt +19 -0
- data/identifiers/hw_product.txt +122 -0
- data/identifiers/os_device.txt +2 -1
- data/identifiers/os_family.txt +3 -0
- data/identifiers/os_product.txt +46 -8
- data/identifiers/service_family.txt +10 -1
- data/identifiers/service_product.txt +90 -2
- data/identifiers/vendor.txt +104 -0
- data/lib/recog/db.rb +2 -1
- data/lib/recog/fingerprint.rb +18 -5
- data/lib/recog/nizer.rb +1 -82
- data/lib/recog/verifier.rb +5 -5
- data/lib/recog/verifier_factory.rb +3 -3
- data/lib/recog/verify_reporter.rb +14 -4
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/spec/lib/fingerprint_self_test_spec.rb +1 -0
- data/spec/lib/recog/verify_reporter_spec.rb +69 -0
- data/tools/dev/hooks/pre-commit +21 -0
- data/update_cpes.py +19 -6
- data/xml/apache_modules.xml +60 -0
- data/xml/apache_os.xml +38 -38
- data/xml/dhcp_vendor_class.xml +206 -0
- data/xml/dns_versionbind.xml +11 -1
- data/xml/favicons.xml +270 -45
- data/xml/ftp_banners.xml +89 -64
- data/xml/h323_callresp.xml +99 -99
- data/xml/hp_pjl_id.xml +3 -3
- data/xml/html_title.xml +1051 -62
- data/xml/http_cookies.xml +294 -85
- data/xml/http_servers.xml +551 -122
- data/xml/http_wwwauth.xml +139 -43
- data/xml/imap_banners.xml +8 -8
- data/xml/ldap_searchresult.xml +1 -0
- data/xml/mdns_device-info_txt.xml +720 -27
- data/xml/mysql_banners.xml +3 -2
- data/xml/nntp_banners.xml +4 -4
- data/xml/ntp_banners.xml +79 -65
- data/xml/operating_system.xml +6 -6
- data/xml/pop_banners.xml +11 -11
- data/xml/rsh_resp.xml +3 -3
- data/xml/rtsp_servers.xml +7 -0
- data/xml/sip_banners.xml +374 -9
- data/xml/sip_user_agents.xml +377 -5
- data/xml/smb_native_lm.xml +32 -1
- data/xml/smb_native_os.xml +160 -33
- data/xml/smtp_banners.xml +168 -129
- data/xml/smtp_ehlo.xml +1 -1
- data/xml/smtp_expn.xml +1 -0
- data/xml/smtp_help.xml +10 -10
- data/xml/smtp_noop.xml +2 -2
- data/xml/smtp_vrfy.xml +1 -0
- data/xml/snmp_sysdescr.xml +508 -214
- data/xml/snmp_sysobjid.xml +25 -25
- data/xml/ssh_banners.xml +145 -29
- data/xml/telnet_banners.xml +240 -61
- data/xml/tls_jarm.xml +162 -0
- data/xml/x509_issuers.xml +237 -2
- data/xml/x509_subjects.xml +369 -49
- metadata +10 -3
data/xml/http_wwwauth.xml
CHANGED
@@ -2,6 +2,14 @@
|
|
2
2
|
<fingerprints matches="http_header.wwwauth" protocol="http" database_type="service" preference="0.85">
|
3
3
|
<!-- HTTP WWW-Authenticate headers are matched against these patterns to fingerprint HTTP servers. -->
|
4
4
|
|
5
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="monit"$">
|
6
|
+
<description>Minot</description>
|
7
|
+
<example>Basic realm="monit"</example>
|
8
|
+
<param pos="0" name="service.vendor" value="Tildeslash"/>
|
9
|
+
<param pos="0" name="service.product" value="Monit"/>
|
10
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:tildeslash:monit:-"/>
|
11
|
+
</fingerprint>
|
12
|
+
|
5
13
|
<fingerprint pattern="^(?:Basic|Digest) realm="access"$">
|
6
14
|
<description>Cisco IOS 11.x</description>
|
7
15
|
<example>Basic realm="access"</example>
|
@@ -70,7 +78,7 @@
|
|
70
78
|
<param pos="1" name="hw.product"/>
|
71
79
|
</fingerprint>
|
72
80
|
|
73
|
-
<fingerprint pattern="^(?:Basic|Digest) realm="Cisco_CCSP_CWMP_TCPCR"
|
81
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="Cisco_CCSP_CWMP_TCPCR"">
|
74
82
|
<description>Generic Cisco CWMP/CPE equipment</description>
|
75
83
|
<example>Basic realm="Cisco_CCSP_CWMP_TCPCR"</example>
|
76
84
|
<param pos="0" name="hw.vendor" value="Cisco"/>
|
@@ -89,7 +97,7 @@
|
|
89
97
|
<param pos="0" name="os.product" value="Firewall-1"/>
|
90
98
|
</fingerprint>
|
91
99
|
|
92
|
-
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="cpanel"
|
100
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="cpanel"">
|
93
101
|
<description>cPanel</description>
|
94
102
|
<example>Basic realm="cPanel"</example>
|
95
103
|
<param pos="0" name="service.vendor" value="cPanel"/>
|
@@ -106,7 +114,7 @@
|
|
106
114
|
<param pos="0" name="os.device" value="Power Device"/>
|
107
115
|
</fingerprint>
|
108
116
|
|
109
|
-
<fingerprint pattern="^(?:Basic|Digest) realm="ADSL\S* (?:Modem|Router|Modem/Router)"
|
117
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="ADSL\S* (?:Modem|Router|Modem/Router)"">
|
110
118
|
<description>Generic ADSL modems/routers</description>
|
111
119
|
<example>Basic realm="ADSL Modem"</example>
|
112
120
|
<example>Basic realm="ADSL Modem/Router"</example>
|
@@ -115,19 +123,19 @@
|
|
115
123
|
<param pos="0" name="hw.device" value="ADSL Modem"/>
|
116
124
|
</fingerprint>
|
117
125
|
|
118
|
-
<fingerprint pattern="^(?:Basic|Digest) realm="Broadband Router"
|
126
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="Broadband Router"">
|
119
127
|
<description>Generic Broadband modems/routers</description>
|
120
128
|
<example>Basic realm="Broadband Router"</example>
|
121
129
|
<param pos="0" name="hw.device" value="Broadband Router"/>
|
122
130
|
</fingerprint>
|
123
131
|
|
124
|
-
<fingerprint pattern="^(?:Basic|Digest) realm="DSL\S* (?:Modem|Router|Modem/Router)"
|
132
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="DSL\S* (?:Modem|Router|Modem/Router)"">
|
125
133
|
<description>Generic DSL modems/routers</description>
|
126
134
|
<example>Basic realm="DSL Modem"</example>
|
127
135
|
<param pos="0" name="hw.device" value="DSL Modem"/>
|
128
136
|
</fingerprint>
|
129
137
|
|
130
|
-
<fingerprint pattern="^(?:Basic|Digest) realm="DVR"
|
138
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="DVR"">
|
131
139
|
<description>Generic DVR</description>
|
132
140
|
<example>Basic realm="DVR"</example>
|
133
141
|
<param pos="0" name="hw.device" value="DVR"/>
|
@@ -135,7 +143,7 @@
|
|
135
143
|
|
136
144
|
<!-- Hikvision is OEMd by a number of DVR manufacturers -->
|
137
145
|
|
138
|
-
<fingerprint pattern="^(?:Basic|Digest) realm="(?i:hikvision)"
|
146
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="(?i:hikvision)"">
|
139
147
|
<description>Web server found on DVR and webcam servers sourced from Hikvision</description>
|
140
148
|
<example>Basic realm="hikvision"</example>
|
141
149
|
<param pos="0" name="service.vendor" value="Hikvision"/>
|
@@ -146,20 +154,20 @@
|
|
146
154
|
<param pos="0" name="hw.device" value="DVR"/>
|
147
155
|
</fingerprint>
|
148
156
|
|
149
|
-
<fingerprint pattern="^(?:Basic|Digest) realm="Merit LILIN Ent\. Co\., Ltd."
|
157
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="Merit LILIN Ent\. Co\., Ltd."">
|
150
158
|
<description>Merit LILIN generic device</description>
|
151
159
|
<example>Basic realm="Merit LILIN Ent. Co., Ltd,"</example>
|
152
160
|
<example>Basic realm="Merit LILIN Ent. Co., Ltd."</example>
|
153
161
|
<param pos="0" name="hw.vendor" value="Merit LILIN"/>
|
154
162
|
</fingerprint>
|
155
163
|
|
156
|
-
<fingerprint pattern="^(?:Basic|Digest) realm="Wireless Access Point"
|
164
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="Wireless Access Point"">
|
157
165
|
<description>Generic WAP</description>
|
158
166
|
<example>Basic realm="Wireless Access Point"</example>
|
159
167
|
<param pos="0" name="hw.device" value="WAP"/>
|
160
168
|
</fingerprint>
|
161
169
|
|
162
|
-
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="(?:(?:Cube|(?:Mini )?Dome|Day/Night|PAN/Tilt|POE|IR|HD|H.264|Surveillance|Wired|Wireless(?: N)?|Network|Internet|(?:IP(?:[\s_-])?)?Cameras?[\s_]*\d*) ?){1,4}?(?: Login)?"
|
170
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="(?:(?:Cube|(?:Mini )?Dome|Day/Night|PAN/Tilt|POE|IR|HD|H.264|Surveillance|Wired|Wireless(?: N)?|Network|Internet|(?:IP(?:[\s_-])?)?Cameras?[\s_]*\d*) ?){1,4}?(?: Login)?"">
|
163
171
|
<description>Generic IP Cameras</description>
|
164
172
|
<example>Basic realm="camera"</example>
|
165
173
|
<example>Basic realm="IPCamera Login"</example>
|
@@ -167,7 +175,7 @@
|
|
167
175
|
<param pos="0" name="hw.device" value="IP Camera"/>
|
168
176
|
</fingerprint>
|
169
177
|
|
170
|
-
<fingerprint pattern="^(?:Basic|Digest) realm="(DCS-[^"]+)"
|
178
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="(DCS-[^"]+)"">
|
171
179
|
<description>D-Link DCS IP Cameras</description>
|
172
180
|
<example hw.product="DCS-5222LB1">Basic realm="DCS-5222LB1"</example>
|
173
181
|
<example hw.product="DCS-2530L">Basic realm="DCS-2530L"</example>
|
@@ -176,7 +184,7 @@
|
|
176
184
|
<param pos="1" name="hw.product"/>
|
177
185
|
</fingerprint>
|
178
186
|
|
179
|
-
<fingerprint pattern="^(?:Basic|Digest) realm="GoAhead"
|
187
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="GoAhead"">
|
180
188
|
<description>GoAhead webserver</description>
|
181
189
|
<example>Basic realm="GoAhead"</example>
|
182
190
|
<param pos="0" name="service.vendor" value="Oracle"/>
|
@@ -184,13 +192,23 @@
|
|
184
192
|
<param pos="0" name="service.family" value="GoAhead Webserver"/>
|
185
193
|
</fingerprint>
|
186
194
|
|
187
|
-
<fingerprint pattern="^(?:Basic|Digest) realm="
|
195
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="Logitech Media Server"">
|
196
|
+
<description>Logitech Media server</description>
|
197
|
+
<example>Basic realm="Logitech Media Server"</example>
|
198
|
+
<param pos="0" name="service.vendor" value="Logitech"/>
|
199
|
+
<param pos="0" name="service.product" value="Squeezebox"/>
|
200
|
+
</fingerprint>
|
201
|
+
|
202
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="kubernetes-master"">
|
188
203
|
<description>Kubernetes master nodes</description>
|
189
204
|
<example>Basic realm="kubernetes-master"</example>
|
190
205
|
<param pos="0" name="service.vendor" value="Kubernetes"/>
|
206
|
+
<param pos="0" name="service.family" value="Kubernetes"/>
|
207
|
+
<param pos="0" name="service.product" value="Kubernetes"/>
|
208
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:kubernetes:kubernetes:-"/>
|
191
209
|
</fingerprint>
|
192
210
|
|
193
|
-
<fingerprint pattern="(?i)^(?:Basic|Digest) realm="RUIJIE(?:-CPE)?"
|
211
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest) realm="RUIJIE(?:-CPE)?"">
|
194
212
|
<description>Ruijie Networks generic</description>
|
195
213
|
<example>Digest realm="RUIJIE-CPE"</example>
|
196
214
|
<param pos="0" name="hw.vendor" value="Ruijie"/>
|
@@ -261,7 +279,7 @@
|
|
261
279
|
<param pos="2" name="host.mac"/>
|
262
280
|
</fingerprint>
|
263
281
|
|
264
|
-
<fingerprint pattern="^(?:Basic|Digest).*realm="Thomson(?: Gateway)?"
|
282
|
+
<fingerprint pattern="^(?:Basic|Digest).*realm="Thomson(?: Gateway)?"">
|
265
283
|
<description>Thomson generic devices</description>
|
266
284
|
<example>Digest realm="Thomson Gateway"</example>
|
267
285
|
<example>Basic realm="Thomson"</example>
|
@@ -285,7 +303,7 @@
|
|
285
303
|
<param pos="1" name="hw.product"/>
|
286
304
|
</fingerprint>
|
287
305
|
|
288
|
-
<fingerprint pattern="^(?:Basic|Digest) realm="HuaweiHomeGateway"
|
306
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="HuaweiHomeGateway"">
|
289
307
|
<description>Huawei Home Gateway Routers</description>
|
290
308
|
<example>Basic realm="HuaweiHomeGateway"</example>
|
291
309
|
<param pos="0" name="hw.vendor" value="Huawei"/>
|
@@ -293,7 +311,7 @@
|
|
293
311
|
<param pos="0" name="hw.product" value="Home Gateway"/>
|
294
312
|
</fingerprint>
|
295
313
|
|
296
|
-
<fingerprint pattern="^(?:Basic|Digest) realm="EchoLife .*"
|
314
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="EchoLife .*"">
|
297
315
|
<description>Huawei EchoLife Home Gateways</description>
|
298
316
|
<example>Basic realm="EchoLife Portal de Inicio"</example>
|
299
317
|
<example>Basic realm="EchoLife Home Gateway"</example>
|
@@ -318,29 +336,35 @@
|
|
318
336
|
|
319
337
|
<fingerprint pattern="^(?:Basic|Digest) realm="(TD-[VW8][A-Z0-9]+)(?:| \d+\.\d+)"$">
|
320
338
|
<description>TP-LINK SoHo Router - dash variant</description>
|
321
|
-
<example>Basic realm="TD-W8901G"</example>
|
339
|
+
<example os.product="TD-W8901G">Basic realm="TD-W8901G"</example>
|
322
340
|
<example>Basic realm="TD-8840T 2.0"</example>
|
323
|
-
<example>Basic realm="TD-8811"</example>
|
341
|
+
<example hw.product="TD-8811">Basic realm="TD-8811"</example>
|
324
342
|
<param pos="0" name="os.vendor" value="TP-LINK"/>
|
325
343
|
<param pos="0" name="os.device" value="Router"/>
|
326
344
|
<param pos="1" name="os.product"/>
|
345
|
+
<param pos="0" name="hw.vendor" value="TP-LINK"/>
|
346
|
+
<param pos="0" name="hw.device" value="Router"/>
|
347
|
+
<param pos="1" name="hw.product"/>
|
327
348
|
</fingerprint>
|
328
349
|
|
329
350
|
<fingerprint pattern="^(?:Basic|Digest) realm="(TD8[A-Z0-9]+)"$">
|
330
351
|
<description>TP-LINK SoHo Router</description>
|
331
|
-
<example>Basic realm="TD854W"</example>
|
332
|
-
<example>Basic realm="TD811"</example>
|
352
|
+
<example os.product="TD854W">Basic realm="TD854W"</example>
|
353
|
+
<example hw.product="TD811">Basic realm="TD811"</example>
|
333
354
|
<example>Basic realm="TD821"</example>
|
334
355
|
<example>Basic realm="TD841"</example>
|
335
356
|
<param pos="0" name="os.vendor" value="TP-LINK"/>
|
336
357
|
<param pos="0" name="os.device" value="Router"/>
|
337
358
|
<param pos="1" name="os.product"/>
|
359
|
+
<param pos="0" name="hw.vendor" value="TP-LINK"/>
|
360
|
+
<param pos="0" name="hw.device" value="Router"/>
|
361
|
+
<param pos="1" name="hw.product"/>
|
338
362
|
</fingerprint>
|
339
363
|
|
340
|
-
<fingerprint pattern="^(?:Basic|Digest) realm="TP-LINK.*(?:Access Point|Extender|AP) ([A-Z0-9\-\+]+)"
|
364
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="TP-LINK.*(?:Access Point|Extender|AP) ([A-Z0-9\-\+]+)"">
|
341
365
|
<description>TP-LINK SoHo Router - verbose variant</description>
|
342
|
-
<example>Basic realm="TP-LINK Wireless N Access Point WA801N"</example>
|
343
|
-
<example>Basic realm="TP-LINK Wireless Range Extender WA830RE"</example>
|
366
|
+
<example os.product="WA801N">Basic realm="TP-LINK Wireless N Access Point WA801N"</example>
|
367
|
+
<example hw.product="WA830RE">Basic realm="TP-LINK Wireless Range Extender WA830RE"</example>
|
344
368
|
<example>Basic realm="TP-LINK Wireless Range Extender WA850RE"</example>
|
345
369
|
<example>Basic realm="TP-LINK Wireless AP WA501G"</example>
|
346
370
|
<example>Basic realm="TP-LINK Wireless N Access Point WA701ND"</example>
|
@@ -358,9 +382,12 @@
|
|
358
382
|
<param pos="0" name="os.vendor" value="TP-LINK"/>
|
359
383
|
<param pos="0" name="os.device" value="WAP"/>
|
360
384
|
<param pos="1" name="os.product"/>
|
385
|
+
<param pos="0" name="hw.vendor" value="TP-LINK"/>
|
386
|
+
<param pos="0" name="hw.device" value="WAP"/>
|
387
|
+
<param pos="1" name="hw.product"/>
|
361
388
|
</fingerprint>
|
362
389
|
|
363
|
-
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="TP-LINK (.*Router.*)"
|
390
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="TP-LINK (.*Router.*)"">
|
364
391
|
<description>TP-LINK Routers</description>
|
365
392
|
<example>Basic realm="TP-LINK Wireless N Router WR841N"</example>
|
366
393
|
<example>Basic realm="TP-LINK Gigabit Broadband VPN Router R600VPN"</example>
|
@@ -370,21 +397,21 @@
|
|
370
397
|
<param pos="1" name="hw.product"/>
|
371
398
|
</fingerprint>
|
372
399
|
|
373
|
-
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="TP-LINK IP-Camera"
|
400
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="TP-LINK IP-Camera"">
|
374
401
|
<description>TP-LINK IP-Cameras</description>
|
375
402
|
<example>Basic realm="TP-LINK IP-Camera"</example>
|
376
403
|
<param pos="0" name="hw.vendor" value="TP-LINK"/>
|
377
404
|
<param pos="0" name="hw.device" value="IP Camera"/>
|
378
405
|
</fingerprint>
|
379
406
|
|
380
|
-
<fingerprint pattern="(?i)^(?:Basic|Digest) .*realm="Broadcom Management Service"
|
407
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest) .*realm="Broadcom Management Service"">
|
381
408
|
<description>Supposedly part of Broadcom Advanced Control Suite 3 (BACS3) or something similar</description>
|
382
409
|
<example>Digest qop="auth", realm="Broadcom Management Service", nonce="AAAAAAAAAAAAAP//DwHpMwYy1zc=", algorithm="MD5"</example>
|
383
410
|
<param pos="0" name="service.vendor" value="Broadcom"/>
|
384
411
|
<param pos="0" name="service.product" value="Management Service"/>
|
385
412
|
</fingerprint>
|
386
413
|
|
387
|
-
<fingerprint pattern="^(?:Basic|Digest) .*realm="SWAT"
|
414
|
+
<fingerprint pattern="^(?:Basic|Digest) .*realm="SWAT"">
|
388
415
|
<description>Samba Web Administration Tool (SWAT)</description>
|
389
416
|
<example>Basic realm="SWAT"</example>
|
390
417
|
<param pos="0" name="service.vendor" value="Samba"/>
|
@@ -392,7 +419,7 @@
|
|
392
419
|
<param pos="0" name="service.product" value="SWAT"/>
|
393
420
|
</fingerprint>
|
394
421
|
|
395
|
-
<fingerprint pattern="
|
422
|
+
<fingerprint pattern="^.{0,1000}(?:Basic|Digest) realm="SPIP Configuration"">
|
396
423
|
<description>SPIP publishing system (www.spip.net)</description>
|
397
424
|
<example>Basic realm="SPIP Configuration", Digest realm="SPIP Configuration", nonce="116761147", algorithm="MD5"</example>
|
398
425
|
<param pos="0" name="service.vendor" value="SPIP"/>
|
@@ -400,7 +427,7 @@
|
|
400
427
|
<param pos="0" name="service.cpe23" value="cpe:/a:spip:spip:-"/>
|
401
428
|
</fingerprint>
|
402
429
|
|
403
|
-
<fingerprint pattern="
|
430
|
+
<fingerprint pattern="^.{0,1000}(?:Basic|Digest) .*realm="HP ISEE @ ([^"]+)"">
|
404
431
|
<description>HP Instant Support Enterprise Edition with a hostname</description>
|
405
432
|
<example host.name="blah">Basic realm="HP ISEE @ blah"</example>
|
406
433
|
<param pos="0" name="service.vendor" value="HP"/>
|
@@ -408,7 +435,7 @@
|
|
408
435
|
<param pos="1" name="host.name"/>
|
409
436
|
</fingerprint>
|
410
437
|
|
411
|
-
<fingerprint pattern="
|
438
|
+
<fingerprint pattern="^.{0,1000}(?:Basic|Digest) .*realm="BIG-IP"">
|
412
439
|
<description>Generic F5 Big-IP</description>
|
413
440
|
<example>Basic realm="BIG-IP"</example>
|
414
441
|
<param pos="0" name="service.vendor" value="F5"/>
|
@@ -440,13 +467,13 @@
|
|
440
467
|
<param pos="1" name="os.product"/>
|
441
468
|
</fingerprint>
|
442
469
|
|
443
|
-
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="SERCOMM CPE Authentication"
|
470
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="SERCOMM CPE Authentication"">
|
444
471
|
<description>Assorted Sercomm CPE devices</description>
|
445
472
|
<example>Digest realm="SERCOMM CPE Authentication"</example>
|
446
473
|
<param pos="0" name="hw.vendor" value="Sercomm"/>
|
447
474
|
</fingerprint>
|
448
475
|
|
449
|
-
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="TiVo DVR"
|
476
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="TiVo DVR"">
|
450
477
|
<description>Tivo DVR</description>
|
451
478
|
<example>Digest realm="TiVo DVR"</example>
|
452
479
|
<param pos="0" name="hw.vendor" value="Tivo"/>
|
@@ -454,7 +481,7 @@
|
|
454
481
|
<param pos="0" name="hw.device" value="DVR"/>
|
455
482
|
</fingerprint>
|
456
483
|
|
457
|
-
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="UBEE"
|
484
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="UBEE"">
|
458
485
|
<description>Ubee Cable Modems</description>
|
459
486
|
<example>Digest qop="auth", realm="Ubee", nonce="1544738973"</example>
|
460
487
|
<param pos="0" name="hw.vendor" value="Ubee"/>
|
@@ -469,13 +496,13 @@
|
|
469
496
|
<param pos="0" name="service.family" value="Oracle"/>
|
470
497
|
</fingerprint>
|
471
498
|
|
472
|
-
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="cpe@zte.com"
|
499
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="cpe@zte.com"">
|
473
500
|
<description>Assorted ZTE CPE devices</description>
|
474
501
|
<example>Digest realm="cpe@zte.com"</example>
|
475
502
|
<param pos="0" name="hw.vendor" value="ZTE"/>
|
476
503
|
</fingerprint>
|
477
504
|
|
478
|
-
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="ZXHN (\S+)"
|
505
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="ZXHN (\S+)"">
|
479
506
|
<description>ZTE ZXHN router</description>
|
480
507
|
<example>Basic realm="ZXHN H108L"</example>
|
481
508
|
<param pos="0" name="hw.vendor" value="ZTE"/>
|
@@ -484,7 +511,7 @@
|
|
484
511
|
<param pos="1" name="hw.product"/>
|
485
512
|
</fingerprint>
|
486
513
|
|
487
|
-
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="(ZXV\S* \S+)"
|
514
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="(ZXV\S* \S+)"">
|
488
515
|
<description>ZTE ZXV router</description>
|
489
516
|
<example hw.product="ZXV10 W300">Basic realm="ZXV10 W300"</example>
|
490
517
|
<param pos="0" name="hw.vendor" value="ZTE"/>
|
@@ -513,7 +540,7 @@
|
|
513
540
|
<param pos="0" name="os.product" value="Linux"/>
|
514
541
|
</fingerprint>
|
515
542
|
|
516
|
-
<fingerprint pattern="^(?:Basic|Digest) realm="NETGEAR (Orbi(?:-(?:micro|mini))?)"
|
543
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="NETGEAR (Orbi(?:-(?:micro|mini))?)"">
|
517
544
|
<description>Netgear Orbi</description>
|
518
545
|
<example hw.product="Orbi">Basic realm="NETGEAR Orbi"</example>
|
519
546
|
<example hw.product="Orbi-micro">Basic realm="NETGEAR Orbi-micro"</example>
|
@@ -524,7 +551,7 @@
|
|
524
551
|
<param pos="1" name="hw.product"/>
|
525
552
|
</fingerprint>
|
526
553
|
|
527
|
-
<fingerprint pattern="(?:Basic|Digest) realm="NETGEAR ([a-zA-Z0-9\-\+]+)\s*"
|
554
|
+
<fingerprint pattern="(?:Basic|Digest) realm="NETGEAR ([a-zA-Z0-9\-\+]+)\s*"">
|
528
555
|
<description>Netgear Routers</description>
|
529
556
|
<example hw.product="DG834">Basic realm="NETGEAR DG834 "</example>
|
530
557
|
<example hw.product="C7000v2">Basic realm="NETGEAR C7000v2"</example>
|
@@ -536,7 +563,7 @@
|
|
536
563
|
|
537
564
|
<!-- Fallback to the most generic Netgear match -->
|
538
565
|
|
539
|
-
<fingerprint pattern="(?:Basic|Digest) realm="Netgear"
|
566
|
+
<fingerprint pattern="(?:Basic|Digest) realm="Netgear"">
|
540
567
|
<description>Netgear Unspecified Router</description>
|
541
568
|
<example>Basic realm="Netgear"</example>
|
542
569
|
<param pos="0" name="hw.vendor" value="Netgear"/>
|
@@ -554,7 +581,7 @@
|
|
554
581
|
<param pos="1" name="hw.product"/>
|
555
582
|
</fingerprint>
|
556
583
|
|
557
|
-
<fingerprint pattern="^(?:Basic|Digest) realm="[iI]RMC(?:@(IRMC[0-9a-fA-F]{6}))?"
|
584
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="[iI]RMC(?:@(IRMC[0-9a-fA-F]{6}))?"">
|
558
585
|
<description>Fujitsu Siemens Primergy with BMC RemoteView on an iRMC card</description>
|
559
586
|
<example host.name="IRMCA0EC88">Digest realm="iRMC@IRMCA0EC88", qop="auth", nonce="d569ace4-00029040", opaque="29040", stale="FALSE"</example>
|
560
587
|
<param pos="0" name="service.vendor" value="Fujitsu Siemens"/>
|
@@ -566,6 +593,75 @@
|
|
566
593
|
<param pos="1" name="host.name"/>
|
567
594
|
</fingerprint>
|
568
595
|
|
596
|
+
<fingerprint pattern="^(?:Basic|Digest) realm="DELL \| SonicWALL SonicPoint">
|
597
|
+
<description>SonicWall SonicPoint (non-specific)</description>
|
598
|
+
<example>Basic realm="DELL | SonicWALL SonicPoint ACe/ACi/N2"</example>
|
599
|
+
<param pos="0" name="os.vendor" value="SonicWall"/>
|
600
|
+
<param pos="0" name="os.device" value="WAP"/>
|
601
|
+
<param pos="0" name="os.product" value="SonicOS"/>
|
602
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:sonicwall:sonicos:-"/>
|
603
|
+
<param pos="0" name="hw.vendor" value="SonicWall"/>
|
604
|
+
<param pos="0" name="hw.product" value="SonicPoint"/>
|
605
|
+
</fingerprint>
|
606
|
+
|
607
|
+
<fingerprint pattern="(?i)^(?:Basic|Digest).*realm="rokudev"">
|
608
|
+
<description>Roku Streaming Device</description>
|
609
|
+
<example>Digest qop="auth", realm="rokudev", nonce="1111111111"</example>
|
610
|
+
<param pos="0" name="hw.vendor" value="Roku"/>
|
611
|
+
<param pos="0" name="hw.device" value="Media Server"/>
|
612
|
+
</fingerprint>
|
613
|
+
|
614
|
+
<fingerprint pattern="(?i)^Basic realm="System Setup"">
|
615
|
+
<description>Patton DSL Router</description>
|
616
|
+
<example>Basic realm="System Setup"</example>
|
617
|
+
<param pos="0" name="hw.vendor" value="Patton"/>
|
618
|
+
<param pos="0" name="hw.device" value="Router"/>
|
619
|
+
<param pos="0" name="hw.product" value="SHDSL Router"/>
|
620
|
+
<param pos="0" name="hw.certainty" value="0.50"/>
|
621
|
+
</fingerprint>
|
622
|
+
|
623
|
+
<fingerprint pattern="(?i)^Digest realm="Login to ND[0-9]{3,20}", nonce=">
|
624
|
+
<description>Lorex NR900 Series DVR</description>
|
625
|
+
<example>Digest realm="Login to ND011811000000", nonce="ec3682ef24b2cd9cedefe5cc26110000"</example>
|
626
|
+
<param pos="0" name="hw.vendor" value="Lorex"/>
|
627
|
+
<param pos="0" name="hw.device" value="DVR"/>
|
628
|
+
<param pos="0" name="hw.product" value="NR900"/>
|
629
|
+
<param pos="0" name="hw.certainty" value="0.50"/>
|
630
|
+
</fingerprint>
|
631
|
+
|
632
|
+
<fingerprint pattern="(?i)^Basic realm="the Access Point"">
|
633
|
+
<description>Psion Teklogix</description>
|
634
|
+
<example>Basic realm="the Access Point"</example>
|
635
|
+
<param pos="0" name="hw.vendor" value="Psion Teklogix"/>
|
636
|
+
<param pos="0" name="hw.device" value="Network Appliance"/>
|
637
|
+
<param pos="0" name="hw.product" value="CommServer"/>
|
638
|
+
</fingerprint>
|
639
|
+
|
640
|
+
<fingerprint pattern="(?i)^Digest realm="Use 'live' as User Name">
|
641
|
+
<description>Bosch AutoDome IP Camera</description>
|
642
|
+
<example>Digest realm="Use 'live' as User Name",nonce="18e62d241a5358a9650640fa72c1773c",opaque="",stale=FALSE,algorithm=MD5</example>
|
643
|
+
<example>Digest realm="Use 'live' as User Name in order to log in to the respective level",nonce="2e6007092c2b28af7e2516b80b5b4f95",opaque="",stale=FALSE,algorithm=MD5,qop="auth"</example>
|
644
|
+
<param pos="0" name="hw.vendor" value="Bosch"/>
|
645
|
+
<param pos="0" name="hw.device" value="Web Cam"/>
|
646
|
+
<param pos="0" name="hw.product" value="AutoDome"/>
|
647
|
+
<param pos="0" name="hw.certainty" value="0.50"/>
|
648
|
+
</fingerprint>
|
649
|
+
|
650
|
+
<fingerprint pattern="(?i)^Basic realm="Shelly"">
|
651
|
+
<description>Shelly Smart Device</description>
|
652
|
+
<example>Basic realm="Shelly"</example>
|
653
|
+
<param pos="0" name="hw.vendor" value="Shelly"/>
|
654
|
+
<param pos="0" name="hw.device" value="Device"/>
|
655
|
+
</fingerprint>
|
656
|
+
|
657
|
+
<fingerprint pattern="(?i)^Basic realm="Eurotherm"">
|
658
|
+
<description>Schneider Electric Eurotherm Device</description>
|
659
|
+
<example>Basic realm="Eurotherm"</example>
|
660
|
+
<param pos="0" name="hw.vendor" value="Schneider Electric"/>
|
661
|
+
<param pos="0" name="hw.device" value="Device"/>
|
662
|
+
<param pos="0" name="hw.family" value="Eurotherm"/>
|
663
|
+
</fingerprint>
|
664
|
+
|
569
665
|
<!-- a variety of headers we currently just ignore -->
|
570
666
|
|
571
667
|
<fingerprint pattern="(?i)^NTLM$">
|
@@ -594,13 +690,13 @@
|
|
594
690
|
<example>Basic realm="index.html"</example>
|
595
691
|
</fingerprint>
|
596
692
|
|
597
|
-
<fingerprint pattern="^(?:Basic|Digest) .*realm="(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
|
693
|
+
<fingerprint pattern="^(?:Basic|Digest) .*realm="(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"">
|
598
694
|
<description>Ignore realms with an IPv4 address</description>
|
599
695
|
<example>Basic realm="192.168.0.1"</example>
|
600
696
|
<example>Digest qop="auth", realm="172.16.0.1", nonce="AAAAAAAAAAAAAP//DwHpM0IvM78=", algorithm="MD5"</example>
|
601
697
|
</fingerprint>
|
602
698
|
|
603
|
-
<fingerprint pattern="^(?:Basic|Digest) .*realm="config"
|
699
|
+
<fingerprint pattern="^(?:Basic|Digest) .*realm="config"">
|
604
700
|
<description>Ignore generic 'config' realms</description>
|
605
701
|
<example>Digest realm="config", nonce="1155041914", algorithm="MD5", qop="auth"</example>
|
606
702
|
</fingerprint>
|
data/xml/imap_banners.xml
CHANGED
@@ -47,7 +47,7 @@
|
|
47
47
|
<param pos="2" name="host.name"/>
|
48
48
|
</fingerprint>
|
49
49
|
|
50
|
-
<fingerprint pattern="^Der Microsoft Exchange Server 2003 IMAP4rev1-Server, Version (6\.5\.\d{4}\.\d+) \((.*)\)
|
50
|
+
<fingerprint pattern="^Der Microsoft Exchange Server 2003 IMAP4rev1-Server, Version (6\.5\.\d{4}\.\d+) \((.*)\),">
|
51
51
|
<description>Microsoft Exchange Server 2003, German</description>
|
52
52
|
<example service.version="6.5.7638.1" host.name="foo.bar">Der Microsoft Exchange Server 2003 IMAP4rev1-Server, Version 6.5.7638.1 (foo.bar), steht zur Verfgung.</example>
|
53
53
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
@@ -166,7 +166,7 @@
|
|
166
166
|
<param pos="0" name="service.product" value="Courier IMAP"/>
|
167
167
|
</fingerprint>
|
168
168
|
|
169
|
-
<fingerprint pattern="^(\S
|
169
|
+
<fingerprint pattern="^(\S{1,512}) CallPilot IMAP4rev1 v(\S+) server ready\.?$">
|
170
170
|
<description>Nortel CallPilot</description>
|
171
171
|
<example>nottest.localdomain CallPilot IMAP4rev1 v42.02.05.22 server ready.</example>
|
172
172
|
<example>test.localdomain CallPilot IMAP4rev1 v43.03.19.22 server ready.</example>
|
@@ -177,7 +177,7 @@
|
|
177
177
|
<param pos="1" name="host.name"/>
|
178
178
|
</fingerprint>
|
179
179
|
|
180
|
-
<fingerprint pattern="^(\S
|
180
|
+
<fingerprint pattern="^(\S{1,512}) Zimbra IMAP4rev1 server ready\.?$">
|
181
181
|
<description>VMware Zimbra IMAP</description>
|
182
182
|
<example host.name="foo.bar">foo.bar Zimbra IMAP4rev1 server ready</example>
|
183
183
|
<param pos="0" name="service.vendor" value="VMware"/>
|
@@ -186,7 +186,7 @@
|
|
186
186
|
<param pos="1" name="host.name"/>
|
187
187
|
</fingerprint>
|
188
188
|
|
189
|
-
<fingerprint pattern="^(\S
|
189
|
+
<fingerprint pattern="^(\S{1,512}) Zimbra (\S+) IMAP4rev1 server ready\.?$">
|
190
190
|
<description>VMware Zimbra IMAP with service version</description>
|
191
191
|
<example host.name="foo.bar" service.version="7.0.0_GA_3079">foo.bar Zimbra 7.0.0_GA_3079 IMAP4rev1 server ready</example>
|
192
192
|
<param pos="0" name="service.vendor" value="VMware"/>
|
@@ -196,7 +196,7 @@
|
|
196
196
|
<param pos="1" name="host.name"/>
|
197
197
|
</fingerprint>
|
198
198
|
|
199
|
-
<fingerprint pattern="^(
|
199
|
+
<fingerprint pattern="^(\S{1,512}) Cyrus IMAP4 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready$">
|
200
200
|
<description>CMU Cyrus IMAP on Mac OS X</description>
|
201
201
|
<example host.name="example.com" service.version="2.2.12" os.version="10.4.0">example.com Cyrus IMAP4 v2.2.12-OS X 10.4.0 server ready</example>
|
202
202
|
<example host.name="example.com" service.version="2.3.8" os.version="10.5">example.com Cyrus IMAP4 v2.3.8-OS X Server 10.5: 9A562 server ready</example>
|
@@ -213,7 +213,7 @@
|
|
213
213
|
<param pos="1" name="host.name"/>
|
214
214
|
</fingerprint>
|
215
215
|
|
216
|
-
<fingerprint pattern="^(
|
216
|
+
<fingerprint pattern="^(\S{1,512}) Cyrus IMAP4? (?:\S+ )?v(\d+\.\d+.*) server ready$">
|
217
217
|
<description>CMU Cyrus IMAP</description>
|
218
218
|
<example host.name="example.com" service.version="2.3.7">example.com Cyrus IMAP4 v2.3.7 server ready</example>
|
219
219
|
<example host.name="example.com" service.version="2.4.8-Invoca-RPM-2.4.8-1">example.com Cyrus IMAP Murder v2.4.8-Invoca-RPM-2.4.8-1 server ready</example>
|
@@ -253,7 +253,7 @@
|
|
253
253
|
// * OK xxx PMDF IMAP4rev1 V6.0-24 (Message store V6.0-24)
|
254
254
|
// * OK xxx PMDF IMAP4rev1 V6.0-9
|
255
255
|
IMAP_FP_PARSERS[5] = new PatternParser(
|
256
|
-
"^([^\\s]+) PMDF IMAP4rev1 V([^\\s]+)
|
256
|
+
"^([^\\s]+) PMDF IMAP4rev1 V([^\\s]+)");
|
257
257
|
IMAP_FP_PARSERS[5].addConstantParam("product", "PMDF");
|
258
258
|
IMAP_FP_PARSERS[5].addParamSpec(1, "hostname");
|
259
259
|
IMAP_FP_PARSERS[5].addParamSpec(2, "version");
|
@@ -265,7 +265,7 @@
|
|
265
265
|
IMAP_FP_PARSERS[6].addParamSpec(2, "server-time");
|
266
266
|
// Eudora Internet Mail Server
|
267
267
|
IMAP_FP_PARSERS[7] = new PatternParser(
|
268
|
-
"^Eudora Internet Mail Server (.*)
|
268
|
+
"^Eudora Internet Mail Server (.*) ");
|
269
269
|
IMAP_FP_PARSERS[7].addConstantParam("product", "eudoraims");
|
270
270
|
IMAP_FP_PARSERS[7].addParamSpec(1, "version");
|
271
271
|
// Eudora Qualcomm WorldMail
|
data/xml/ldap_searchresult.xml
CHANGED
@@ -365,6 +365,7 @@
|
|
365
365
|
</example>
|
366
366
|
<param pos="0" name="service.vendor" value="Kerio"/>
|
367
367
|
<param pos="0" name="service.product" value="Connect"/>
|
368
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:kerio:connect:-"/>
|
368
369
|
</fingerprint>
|
369
370
|
|
370
371
|
<fingerprint pattern="(?im:vmwPlatformServicesControllerVersion1.\x04.(\d\.\d\.\d)0.)">
|